Fighting Back Against Cyber Crimes

Mark Clancy, Soltra® CEO, discusses his strategy for sharing cyber threat information

The phone rings. Another bank’s computer system is under attack. Its network has been compromised. This is the third financial institution today whose network has been breached. Are you being targeted next?

This scenario plays out multiple times every day at many financial services firms, which face a seemingly endless assault of cyberattacks. The industry continues to be one of the most heavily targeted sectors globally, forced to defend itself against a sophisticated array of cyber criminals, who oftentimes use a single attack against hundreds or even thousands of organizations. In the face of this persistent threat, the best defense is to improve the collective cyber resiliency of the financial sector and beyond.

“Organizations don’t have the luxury of taking hours to process and act on the avalanche of threat information they hold to reduce or prevent a cyber threat,” according to Mark Clancy, Soltra® Chief Executive Officer. “It needs to be done in seconds. Automating that information flow is a challenge that goes beyond the capabilities of any single organization or vendor. It takes cross-sector, cross-vendor collaboration and standardization.”

Clancy has been among the most vocal and visible members of the industry discussing the importance of information sharing between the public and private sectors. His work has taken him to all parts of the world, but the message he’s heard from information security officers and others in similar posts has been the same – there needs to be a common approach and language to collect, analyze and distribute threat intelligence seamless and quickly. As Clancy likes to say, Soltra® was created by the industry, for the industry, to help solve this unique challenge.

Soltra® Edge™, the first product released by Soltra®, the joint venture between DTCC and the Financial Services – Information Sharing and Analysis Center, experienced significant growth in its user-community last year, boasting members from across the private and public sectors, including healthcare, intelligence, energy, telecommunications and retail, among others. Expanding Soltra®’s user-base further – as well as better understanding the connections between external threats and internal vulnerabilities – is a top priority for 2016.

Clancy explains that the diversification of the Soltra® community comes at a time when cyber-related challenges are increasingly under debate in the public realm, and lawmakers and regulators from a broad cross-section of the policymaking community are examining everything from consumer and privacy protection to encryption and the resiliency of critical infrastructure. For example, in late 2015, the Obama Administration and the United States Congress approved legislation designed to improve cyber threat information sharing between the public and private sectors and among private sector entities – a move which was embraced by DTCC and the financial services community.

“The progress has been very good, but the battle is far from over,” Clancy said.

Stephen Scharf, DTCC Chief Security Officer, concurred, noting that financial infrastructures are now increasingly turning their attention to improving their resiliency to catastrophic cyber attacks – and DTCC is no exception.

“Cyber attacks have evolved from an experimental novelty into professional criminal industries and nation-state level engagement,” said Scharf. “Continually improving our resiliency to such attacks is a top priority for DTCC, and we partner with the industry and financial policymakers to help ensure that our systems effectively evolve and adapt to the rapidly changing cyber threat landscape that we face.”